View Issue Details

IDProjectCategoryView StatusLast Update
0003626Composrcore_form_interfacespublic2018-06-08 10:05
ReporterChris GrahamAssigned To 
Severityfeature 
Status non-assignedResolutionopen 
Product Version 
Fixed in Version 
Summary0003626: Password input with show password button
DescriptionHave a new $value parameter to form_input_password. If not null, it will put a 'show password' button next to it.

Currently we don't use password inputs for passwords in configuration, because you may legitimately want to see the value when checking your configuration. All these would need moving over to using form_input_password (including password inputs in modules like admin_cns_forums, and actual configuration options).
Additional InformationUsing a password field with a default value is not secure - it can easily be revealed by a little JS or looking at the HTML source.
However, it is 'secure' against someone looking over your shoulder.
TagsType: Security
Attach Tags
Time estimation (hours)3
Sponsorship open0

Activities

Chris Graham

2018-06-07 16:08

administrator   ~0005736

We could also consider a setting and/or privilege on whether to pass through existing passwords at all, and instead only allow them to be changed. This would require more work though.

Issue History

Date Modified Username Field Change
2018-06-07 15:49 Chris Graham New Issue
2018-06-07 15:49 Chris Graham Tag Attached: Type: Security
2018-06-07 16:08 Chris Graham Note Added: 0005736